On Jul 19, 2017 08:43, "Matt Sicker" <boa...@gmail.com> wrote:
On 18 July 2017 at 15:02, Stefan Bodewig <bode...@apache.org> wrote:
>
> We shouldn't remove any key that has been used to sign a release in the
> past. No matter how long in the past :-)
>

What about expired keys?

Can't those still be used to validate old releases?

Gary

--
Matt Sicker <boa...@gmail.com>